In the following tutorial I will explain the installation of the Apache2 module "mod_evasive".
Mod_evasive tracks the number of requests for files on the Apache2 server and blocks delivery once a certain limit is reached.

Step 1. Install the mod_evasive module:

apt-get install libapache2-mod-evasive

Step 2. Create the log directory for mod_evasive:

mkdir -p /var/log/apache2/evasive

NOTE: Make sure the www-data user has permission to create logs there:

chown -R www-data:root /var/log/apache2/evasive

Step 3. Now edit the configuration file for the module, located at /etc/apache2/mods-available/mod-evasive.load:

vim /etc/apache2/mods-available/mod-evasive.load

After editing, the file will look like this:

LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 120
    DOSPageInterval 1.5
    DOSSiteInterval 1.5
    DOSBlockingPeriod 10
    DOSLogDir "/var/log/apache2/evasive"
</IfModule>

This config seems to be optimal for me.

Step 4. Enable the module and restart Apache:

a2enmod mod-evasive
/etc/init.d/apache2 restart
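
Once the module is running, it writes a file named dos-<client IP> into DOSLogDir for each address it blocks, containing the PID of the Apache process. The following script is an added example, not part of the original tutorial or of mod_evasive: it checks the log directory from Step 2 and lists the blocked clients. The function names are hypothetical, and the file's modification time is taken as the time of the block.

```python
import ipaddress
import os
import pwd
import stat
from datetime import datetime, timezone

LOG_DIR = "/var/log/apache2/evasive"  # DOSLogDir from the configuration above


def log_dir_problems(log_dir, expected_owner="www-data"):
    """Return reasons why the Apache user could not write block files here."""
    if not os.path.isdir(log_dir):
        return [f"{log_dir} does not exist"]
    st = os.stat(log_dir)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:  # uid without a passwd entry
        owner = str(st.st_uid)
    problems = []
    if owner != expected_owner:
        problems.append(f"owned by {owner}, expected {expected_owner}")
    if not st.st_mode & stat.S_IWUSR:
        problems.append("owner has no write permission")
    return problems


def blocked_clients(log_dir):
    """Return (ip, blocked_at_utc, apache_pid) per dos-<ip> file, newest first."""
    entries = []
    for name in os.listdir(log_dir):
        if not name.startswith("dos-"):
            continue
        try:
            ip = ipaddress.ip_address(name[len("dos-"):])
        except ValueError:
            continue  # stray file, not a block record
        path = os.path.join(log_dir, name)
        with open(path) as fh:
            first = fh.readline().strip()
        pid = int(first) if first.isdigit() else None
        when = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
        entries.append((str(ip), when, pid))
    return sorted(entries, key=lambda e: e[1], reverse=True)


if __name__ == "__main__":
    for problem in log_dir_problems(LOG_DIR):
        print("WARNING:", problem)
    if os.path.isdir(LOG_DIR):
        for ip, when, pid in blocked_clients(LOG_DIR):
            print(f"{when:%Y-%m-%d %H:%M:%S}Z  {ip}  (apache pid {pid})")
```

An empty listing while the directory check reports a problem usually means the module cannot write its records, not that nothing was blocked.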

 

3 Ways to Secure SSH Server

Valic —  October 7, 2011

On Debian Squeeze the configuration file is located at /etc/ssh/sshd_config, and after making all the changes you will need to restart the SSH server.

1. The first step toward a more secure SSH server is:

Change the standard port of the SSH server

The first safety rule is to change the default port, because the majority of automated tools perform brute-force or dictionary attacks against this port.

In the sshd_config file, change the Port directive to another port. I recommend using a port above 1024.

Port 22

Will become:

Port 22222 (or some other port)

2. The second change is:

Disable root access


Rsync is often used for backup systems, with options such as:

-A --acls       : preserve the ACL, if used

-X --xattrs     : preserve extended attributes, if used

-H --hard-links : detect and preserve hard links

-a --archive    : recurse and preserve the usual attributes: symbolic links, devices and special files, user and group ownership, permissions and modification times

In addition to these stock options, rsync has many others.

Each has its own recipe, but I’d like to share two useful features:


If users have access to the files on your server, but you don’t want them to be able to execute commands, you can limit their access to sftp only.

Add a user to your system as normal with a password and then run the following command:

usermod -s /usr/lib/sftp-server username

Then add the following to /etc/shells to make it a valid shell:

echo '/usr/lib/sftp-server' >> /etc/shells

Now this user can only run the sftp server as a shell.

 

Enjoy

You may be concerned about the security of your servers, and you should know that hackers often try to break into your server.

One way to secure your LAMP server is to stop Apache and PHP5 from sending details of their versions or other valuable information.

1. How to hide Apache2 version?
